DOI: 10.1145/3055386.3055390
research-article

Attack Models for Advanced Persistent Threats in Smart Grid Wide Area Monitoring

Published: 18 April 2017

Abstract

Wide Area Monitoring Systems (WAMSs) provide an essential building block for Smart Grid supervision and control. Distributed Phasor Measurement Units (PMUs) allow accurate clock-synchronized measurements of voltage and current phasors (amplitudes, phase angles) and frequencies. The sensor data from PMUs provide situational awareness in the grid, and are used as input for control decisions. A modification of sensor data can severely impact grid stability, overall power supply, and physical devices. Since power grids are critical infrastructures, WAMSs are tempting targets for all kinds of attackers, including well-organized and motivated adversaries such as terrorist groups or adversarial nation states. Such groups possess sufficient resources to launch sophisticated attacks.
In this paper, we provide an in-depth analysis of attack possibilities on WAMSs. We model the dependencies and building blocks of Advanced Persistent Threats (APTs) on WAMSs using attack trees. We consider the whole WAMS infrastructure, including aggregation and data collection points, such as Phasor Data Concentrators (PDCs), classical IT components, and clock synchronization. Since Smart Grids are cyber-physical systems, we consider physical perturbations in addition to cyber attacks in our models. The models provide valuable information about the chain of cyber or physical attack steps that can be combined to build a sophisticated attack for reaching a higher goal. They assist in the assessment of physical and cyber vulnerabilities, and provide strategic guidance for the deployment of suitable countermeasures.

Published In

CPSR-SG'17: Proceedings of the 2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids
April 2017
78 pages
ISBN:9781450349789
DOI:10.1145/3055386
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Attack Model
  2. Attack Tree
  3. Security Issues
  4. Sophisticated Attacks
  5. Wide Area Monitoring Security

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

CPS Week '17: Cyber Physical Systems Week 2017
April 18 - 21, 2017
Pittsburgh, PA, USA

Article Metrics

  • Downloads (Last 12 months): 23
  • Downloads (Last 6 weeks): 3

Reflects downloads up to 15 Oct 2024

Cited By

  • (2024) Toward a Knowledge-Based Anomaly Identification System for Detecting Anomalies in the Smart Grid. Database and Expert Systems Applications - DEXA 2024 Workshops, pp. 44-53. DOI: 10.1007/978-3-031-68302-2_4. Online publication date: 28-Aug-2024
  • (2023) Security of Wide-Area Monitoring, Protection, and Control (WAMPAC) Systems of the Smart Grid: A Survey on Challenges and Opportunities. IEEE Communications Surveys & Tutorials, 25:2, pp. 1294-1335. DOI: 10.1109/COMST.2023.3251899. Online publication date: Oct-2024
  • (2023) Toward Attack Modeling Technique Addressing Resilience in Self-Driving Car. IEEE Access, 11, pp. 2652-2673. DOI: 10.1109/ACCESS.2022.3233424. Online publication date: 2023
  • (2022) A Scary Peek into The Future: Advanced Persistent Threats in Emerging Computing Environments. 2022 IEEE Conference on Dependable and Secure Computing (DSC), pp. 1-8. DOI: 10.1109/DSC54232.2022.9888873. Online publication date: 22-Jun-2022
  • (2020) A Systematic Literature Review of Information Sources for Threat Modeling in the Power Systems Domain. Critical Information Infrastructures Security, pp. 47-58. DOI: 10.1007/978-3-030-58295-1_4. Online publication date: 26-Aug-2020
  • (2019) MPTCP-H: A DDoS Attack Resilient Transport Protocol to Secure Wide Area Measurement Systems. International Journal of Critical Infrastructure Protection. DOI: 10.1016/j.ijcip.2019.02.003. Online publication date: Feb-2019
  • (2018) Detecting Stealthy False Data Injection Attacks in Power Grids Using Deep Learning. 2018 14th International Wireless Communications & Mobile Computing Conference (IWCMC), pp. 219-225. DOI: 10.1109/IWCMC.2018.8450487. Online publication date: Jun-2018
  • (2018) Incorporating Attacks Modeling into Safety Process. Developments in Language Theory, pp. 31-41. DOI: 10.1007/978-3-319-99229-7_4. Online publication date: 21-Aug-2018
  • (2018) A new model approach of electrical cyber physical systems considering cyber security. IEEJ Transactions on Electrical and Electronic Engineering, 14:2, pp. 201-213. DOI: 10.1002/tee.22798. Online publication date: 9-Oct-2018
